The Phish Are Biting

For years I’ve been perplexed by the fact that the classic Nigerian scam keeps proliferating. Just a few months ago, Dateline NBC’s Chris Hansen did an investigative report on these fraudsters and their victims. I was blown away that these scams are still taking place.

But the fact of the matter is, they are, for one simple reason: People keep falling for them. And these are the ones we’d all like to think would be easily recognizable as complete malarkey. What about the attempts to defraud us that are less evident? How likely would you be, as an intelligent, well-informed member of today’s technology-centric society, to fall for an attack crafted by someone only slightly more skilled than “Dr. Dehinde Daniels, personal physician to his royal highness, offering you the warm embrace of a lifetime mutually beneficial relationship between us?”

The simple truth of the matter is that you may have already fallen victim, either as a direct result of your own actions, by those of one or more of your employees, or by those of your customer base.

In this day and age, it is trivial for someone of nefarious intent to clone your website, craft very convincing emails with an official look and feel, and compromise your user base by either capturing their logon credentials or installing malware on their machines when they pass through the staged site on their way to performing normal business with your organization. In fact, there are freely available tools out there that do all of the work for the bad guy, giving just about anyone with an internet connection the ability to be naughty.

As Dunbar Digital Armor’s Principal Security Strategist, part of my job is to analyze the threat landscape, to work with our Product Management team to appropriately adjust our product portfolio, and to act as a trusted advisor to our customers. Each week (if not more often) I plan to write about the trends we’re seeing in attack methodology, in who is being targeted, and what we can do to not only detect these attacks, but proactively shut them down.